Error return from krb5int_random_string not tested in ccache code

krb5int_random_string should probably only fail on malloc
failure. Test for an error return from the function and cleanup
properly (release mutex, return error instead of using uninitialized
memory).

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20655 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 13 insertions, 2 deletions

diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index 638db3c..163ad30 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -874,7 +874,13 @@ krb5_krcc_generate_new(krb5_context context, krb5_ccache * id)
      * a unique name, or we get an error.
      */
     while (1) {
-	krb5int_random_string(context, uniquename, sizeof(uniquename));
+	kret = krb5int_random_string(context, uniquename, sizeof(uniquename));
+        if (kret) {
+            k5_mutex_unlock(&krb5int_krcc_mutex);
+            free(lid);
+            return kret;
+	}
+
 	DEBUG_PRINT(("krb5_krcc_generate_new: searching for name '%s'\n",
 		     uniquename));
 	key = keyctl_search(ring_id, KRCC_KEY_TYPE_KEYRING, uniquename, 0);
diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index 504dccb..0014407 100644
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -471,7 +471,12 @@ krb5_mcc_generate_new (krb5_context context, krb5_ccache *id)
     while (1) {
         krb5_mcc_list_node *ptr;
 
-        krb5int_random_string (context, uniquename, sizeof (uniquename));
+        err = krb5int_random_string (context, uniquename, sizeof (uniquename));
+        if (err) {
+	    k5_mutex_unlock(&krb5int_mcc_mutex);
+	    free(lid);
+	    return err;
+        }
         
 	for (ptr = mcc_head; ptr; ptr=ptr->next) {
             if (!strcmp(ptr->cache->name, uniquename)) {